This is driving me abit nuts so if anyone could hepl i'd be very grateful!!
I am trying to send a message to a public queue from a server within the domain to the domain controller but i get the error:
'A workgroup installation computer does not support the operation.'
I have set up the MSMQ on the Domain COntroller and created a message queue in the Public Queues folder.
I know a similar question has been asked before:
Why does MSMQ think I'm on a workgroup computer?
but i have tried all of the things that were suggested but i still get the same error.
So to take you through what i have tried from suggestions:
a) AD integration was not selected as a setup option - when msmq installed this was selected
b) AD integration was selected but failed to initialise; check event logs - i have checked my event logs and i have the message - Selectable update MSMQ-ADIntegration of package MSMQ Server package was successfully turned on.
c) Check for orphaned object in the Active directory - I have checked the LostAndFound Directory in Active Directory Users and Computers to check no orphaned objects in AD
and i have followed these instructions: http://technet.microsoft.com/en-us/library/cc730960.aspx
I have also uninstalled restarted and reinstalled and checked again that i don t have any orphaned objects.
Also would all the servers which send the message need msmq installed? at the moment i only have it on the domain controller which i thought would be enough.
Edit 1: I have added msmq to all the servers which send messages (they are load balanced so it canbe any of them) they had msmq installed already but without Public Queues so i unistalled resrted and installed again (checking all the appropriate boxes when selecting msmq -Directory service integration/routing service etc.. and they now have Public Queues I am now getting a new error as follows:
'User's internal Message Queuing certificate does not exist.'
Edit 2:
I am still working on this but have made some progress - When i checked my domain controller for the Certificate Authority it was there but when I looked at IIS it was missing the Virtual Directory CertServ - please see link for explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms755466%28v=vs.85%29.aspx
Once i have sorted this problem out i will request a computer certificate for each of my servers as below:
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx
Hopefully this will work!
EDIT 3: ok so for reasons of rubbish internet i m not able to request a certificate but hopefully that will be rectified in the next coupke of days. So i tried self certifying which didn t make a difference and took off UseAuthentication = true, UseEncryption = true and unchecked the authenticated box in and set encryption to optional. I no longer get an error message which leads me to believe there is something wrong with Authentication (to do with Active Directory) However even though it hasn't failed in the sense that no error message has displayed and the page i expect to be shown on my site is shown. There is no message in my Domain Controller Public queue messages...
I have done this locally where it works it seems to be when i try to do it within a domain that is causing problems.
Edit 4:
Just tolet you know my progress on this - I wanted to make sure that the message was being sent to the Domain controller so i had a look at MSMQ End2End monitoring - So on each of the web servers (the message is sent from) and the Domain controller (the message is sent to) in the Event Viewer>Application and Services Logs > Microsift> Windows >MSMQ >End2End I enabled logging.
When i tried sending a message again on the web server 2 End2End events were logged:
Message with ID CN=msmq,CN=ETAILWEB03,CN=Computers,DC=Etail,DC=local\7 was sent to queue PUBLIC=d7ee680c-11ec-4d9a-aa31-528dcc9b1eba
Message sent over network
And on the Domain Controller in the End2End events:
So from this it seems the message has arrived so i am now looking to see where the message has got lost:
https://groups.google.com/forum/?fromgroups=#!topic/microsoft.public.msmq.networking/88FYCvO2YwQ
Edit 5:
Ok so following:
MSMQ messages received but not delivered Windows 2008 R2
I added a Anonymous user and was able to add a message to the queue, which is great but i need to step backwards now and only give full control to users that messages should be received from - so what the username of the webservers are and also for security i need the messages to be Authenticated so going back to one of my earlier issues.
Edit 6:
Still struggling with this but got a bit further...
On the Domain COntroller (where the certificate authority and receiving MSMQ is) the certificate auto-enrol is configured and i run the following on the web servers (which send the messages) - run - gpupdate /force and Restarted each web server.
I made sure that on all the web servers Authenticate was checked and Body was selected in the message queue properties. I also renewed the certificates on all the web servers to make sure they up to date I am now getting the following error:
Invalid queue path name.
I have looked at the following link:
Edit 7:
ok so to try to get this to work it seemed that where the web application user was not being recognised so on the web servers i went to IIS > Application Pools > Advanced Settings > Identity and set the identity to Network Service. Once this was done I no longer get a error message when i run my application but the message does not seem to be in the public queue where i would expect it to be so I will now look at end2end again to see if i can find out where it has gone.
Fix
Once the IIS was set to Network Service i double checked that the message that was being sent was authenticated and the Domain controller that was receiving the message had authenticated checked. I gave full access to everyone on my public queue and it worked!
To be honest there was a lot of trial and error along the way but hopefully this post will help others - thanks to john B most of the stuff i ve read on this subject was posted by him in one form or another!
'User's internal Message Queuing certificate does not exist.'
Interactively log on to each server that will be sending messages.
Use the user account that the sending apps are running under.
This will create the certificate, one per machine, for that account.